Introducing the ASIS Security Risk Assessment Standard: A comprehensive framework for assessing security risks

April 16, 2024
The ASIS SRA Standard offers an up-to-date and forward-looking comprehensive and systematic approach to identifying, analyzing, and evaluating security risks.

Alexandria, VA (16 April 2024)—ASIS International, a leading authority in security standards and guidelines, proudly announces the release of an American National Standards Institute (ANSI)-approved standard dedicated to security risk assessments.

The ASIS Security Risk Assessment (SRA) Standard has been revised and designed to revolutionize how organizations assess and manage security risks. Developed by a team of seasoned security professionals, the ASIS SRA Standard offers an up-to-date and forward-looking comprehensive and systematic approach to identifying, analyzing, and evaluating security risks, ultimately empowering organizations to safeguard their assets, mitigate threats, and enhance resilience. 

“The ASIS Security Risk Assessment Standard is the result of extensive collaboration and expertise from a diverse group of leading security professionals with expertise in conducting security risk assessments,” stated ASIS International’s SRA Technical Committee Co-Chair, Jennifer Holcomb, PE, PMP, PSP, CPP, CPD. “By outlining a systematic approach to security risk assessment, this standard empowers organizations to proactively identify and address vulnerabilities, ultimately strengthening their security posture. I am honored to have contributed to this important initiative." 

The ASIS SRA Standard sets the benchmark for excellence in security risk assessment practices. With its robust framework and detailed guidance, this standard equips security practitioners with the tools and methodologies needed to conduct thorough and effective security risk assessments in diverse environments. 

Key features of the ASIS SRA Standard include: 

  • Comprehensive Scope: The standard provides a detailed outline of the scope, objectives, and principles of security risk assessments, ensuring that all aspects of the assessment process are thoroughly covered. 
  • Establishing the SRA Context: This section delves into the foundational elements of the SRA, including needs assessment, defining objectives, delineating roles, and responsibilities, and ensuring compliance with legal and other requirements. 
  • Preparing SRA Activities: Offering practical guidance on authorization, information gathering, planning, and documentation, this section prepares practitioners for the execution of the SRA process. 
  • Conducting SRA Activities: From risk identification to evaluation, this section outlines the essential steps involved in analyzing and assessing security risks, providing methodologies for both qualitative and quantitative analysis. 
  • Post-SRA Activities: Following the assessment, this section guides organizations through the process of implementing risk treatments and establishing ongoing monitoring and improvement mechanisms. 
  • General Principles: Emphasizing impartiality, objectivity, competence, and confidentiality, this section underscores the ethical and professional standards that underpin the SRA process. 
  • Contents of the Security Risk Assessment Report: Providing a template for reporting findings and recommendations, this section ensures clarity and consistency in communicating assessment outcomes. 

With its emphasis on best practices, transparency, and continual improvement, the ASIS SRA Standard is poised to become the go-to resource for security professionals worldwide. Whether you're a seasoned practitioner or new to the field, this standard offers invaluable insights and detailed guidance for enhancing your organization's security posture. 

"We are proud to introduce the ASIS Security Risk Assessment Standard, a culmination of years of expertise and industry collaboration," said Sue Carioti, CAE, CStd, Vice President, Certification, Standards, ASIS International. "With security risks evolving at an unprecedented pace, it is imperative for organizations to have a robust framework in place to assess and mitigate these risks effectively. The ASIS SRA Standard provides precisely that—a comprehensive roadmap for navigating the complexities of modern security challenges." 

The ASIS Security Risk Assessment Standard is now available as an eBook and in print.